← Back
CWE-284

5,002 CVEs • Abstraction: Pillar

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

JSON object

Loading...

CVEs (5,002)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-2947
1Microsoft
1Internet Explorer
Apr 23, 2026
Jun 30, 2008
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1...Show more
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.Show less
CVE-2001-0781
1Pi Soft
1Spoonftp
Apr 16, 2026
May 30, 2001
N/A· v4
N/A· v3
7.5 HIGH· v2
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST.